Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9131A30/4B7A186ACAF211EEACDB2E1EC4F9AE02/C3CCADD2CAF211EEBA58E81EC4F9AE02.roa
File:                     C3CCADD2CAF211EEBA58E81EC4F9AE02.roa (raw, json)
Hash identifier:          kw/n7fkzAUA5N8iXTK5blaPIVxmW9CgWCBSDv6AbxsI=
Subject key identifier:   73:4A:5C:86:AC:6A:7F:53:21:1C:E3:72:E9:79:E1:B0:12:A2:2F:B6
Certificate issuer:       /CN=A9131A30/serialNumber=F92DB5BA3512E46A7CDBFB4B3514BD6FF85C8F3D
Certificate serial:       04
Authority key identifier: F9:2D:B5:BA:35:12:E4:6A:7C:DB:FB:4B:35:14:BD:6F:F8:5C:8F:3D
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/-S21ujUS5Gp82_tLNRS9b_hcjz0.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9131A30/4B7A186ACAF211EEACDB2E1EC4F9AE02/C3CCADD2CAF211EEBA58E81EC4F9AE02.roa
Signing time:             Wed 14 Feb 2024 05:17:33 +0000
ROA not before:           Wed 14 Feb 2024 05:17:33 +0000
ROA not after:            Wed 28 May 2025 00:00:00 +0000
asID:                     136784
IP address blocks:        157.15.242.0/24 maxlen: 24
                          157.15.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9131A30/4B7A186ACAF211EEACDB2E1EC4F9AE02/-S21ujUS5Gp82_tLNRS9b_hcjz0.crl
                          rsync://rpki.apnic.net/member_repository/A9131A30/4B7A186ACAF211EEACDB2E1EC4F9AE02/-S21ujUS5Gp82_tLNRS9b_hcjz0.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/-S21ujUS5Gp82_tLNRS9b_hcjz0.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 24 Jun 2024 05:41:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4 (0x4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9131A30/serialNumber=F92DB5BA3512E46A7CDBFB4B3514BD6FF85C8F3D
        Validity
            Not Before: Feb 14 05:17:33 2024 GMT
            Not After : May 28 00:00:00 2025 GMT
        Subject: CN=65cc4ced-5ad3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:87:3c:c0:17:3a:6d:8a:d0:0d:92:14:8e:92:
                    2a:e2:44:df:1a:e4:6e:cc:cb:2d:5a:43:2b:de:7e:
                    bc:a5:be:21:2a:10:99:71:6e:f6:20:ee:84:9d:91:
                    ae:3d:82:e7:9f:8a:d3:cc:b2:ad:e0:99:48:0d:80:
                    17:28:17:60:3e:c0:65:3a:54:eb:40:9f:8a:55:36:
                    c5:97:d2:79:56:64:af:6a:a3:72:73:ee:65:74:31:
                    59:33:0a:77:58:74:79:2d:d9:07:cc:61:b4:02:83:
                    a4:50:fd:93:2f:0b:27:ea:0b:76:22:0d:0c:9c:24:
                    7a:6a:8e:eb:31:0d:50:18:f6:f7:79:0a:16:6c:f3:
                    20:e5:76:2e:fb:4b:11:9c:49:2f:32:a5:54:a2:5c:
                    7e:30:78:d7:f6:19:c5:74:2b:5d:c5:65:c8:2a:46:
                    a2:56:c9:5c:4e:f4:03:6b:91:c3:d8:2f:61:ac:3f:
                    ed:0e:86:d1:39:26:05:3b:ca:a0:45:43:38:36:cc:
                    ee:5c:07:3c:3e:26:1d:38:05:ec:b2:e5:c1:1f:7b:
                    36:3b:7f:66:35:3f:26:32:79:35:47:d3:b4:36:b8:
                    19:89:f1:d0:26:2a:f1:4d:41:91:0a:a0:34:84:04:
                    1b:3a:bd:d1:a8:f4:6b:75:bf:b4:6d:d5:18:ec:3c:
                    b8:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:4A:5C:86:AC:6A:7F:53:21:1C:E3:72:E9:79:E1:B0:12:A2:2F:B6
            X509v3 Authority Key Identifier:
                keyid:F9:2D:B5:BA:35:12:E4:6A:7C:DB:FB:4B:35:14:BD:6F:F8:5C:8F:3D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9131A30/4B7A186ACAF211EEACDB2E1EC4F9AE02/-S21ujUS5Gp82_tLNRS9b_hcjz0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/-S21ujUS5Gp82_tLNRS9b_hcjz0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9131A30/4B7A186ACAF211EEACDB2E1EC4F9AE02/C3CCADD2CAF211EEBA58E81EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.15.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9b:d0:ef:d7:39:39:5b:21:2b:2e:ee:ea:87:28:da:21:dc:54:
         85:2e:b9:08:9f:5a:c0:6b:b8:f3:fd:ed:59:6f:45:67:ef:cd:
         37:1f:1b:a2:73:e2:fe:28:0e:75:00:a1:b3:f3:98:f5:2c:7f:
         bd:51:ea:94:e8:99:03:ed:d7:4b:9b:f1:3c:82:cc:5c:ae:2e:
         08:cc:82:c2:a0:c6:34:48:f7:7b:2e:13:c9:c2:3d:86:93:6f:
         44:36:65:80:00:2e:7c:cf:7c:dd:6f:4b:39:b1:bf:9a:00:49:
         48:13:b1:52:8f:e7:5f:2d:f4:36:19:25:a5:8a:4f:61:4a:08:
         ac:1d:81:c9:ff:95:ad:30:26:84:27:7d:5d:10:30:22:f5:d4:
         27:84:84:23:d7:dd:d6:99:67:09:af:df:62:90:47:dd:86:cb:
         66:ab:61:ca:dd:d1:8b:cb:73:b5:44:86:ed:da:18:5e:7b:28:
         48:65:63:fc:1f:e5:72:e1:46:ee:e2:0c:98:31:7d:54:1e:a6:
         1d:a7:6b:23:fd:d5:21:ed:40:fa:2f:30:d6:0f:10:2e:44:be:
         44:8d:34:ab:57:83:69:e4:41:0c:a5:cc:33:7a:b7:1f:6b:bc:
         fc:f2:cc:fc:d0:fb:7c:d8:31:d2:7c:9c:65:42:4f:d8:e6:bf:
         22:f7:10:bf
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBBDANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTEz
MUEzMDExMC8GA1UEBRMoRjkyREI1QkEzNTEyRTQ2QTdDREJGQjRCMzUxNEJENkZG
ODVDOEYzRDAeFw0yNDAyMTQwNTE3MzNaFw0yNTA1MjgwMDAwMDBaMBgxFjAUBgNV
BAMTDTY1Y2M0Y2VkLTVhZDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDNhzzAFzptitANkhSOkiriRN8a5G7Myy1aQyvefrylviEqEJlxbvYg7oSdka49
guefitPMsq3gmUgNgBcoF2A+wGU6VOtAn4pVNsWX0nlWZK9qo3Jz7mV0MVkzCndY
dHkt2QfMYbQCg6RQ/ZMvCyfqC3YiDQycJHpqjusxDVAY9vd5ChZs8yDldi77SxGc
SS8ypVSiXH4weNf2GcV0K13FZcgqRqJWyVxO9ANrkcPYL2GsP+0OhtE5JgU7yqBF
Qzg2zO5cBzw+Jh04Beyy5cEfezY7f2Y1PyYyeTVH07Q2uBmJ8dAmKvFNQZEKoDSE
BBs6vdGo9Gt1v7Rt1RjsPLjvAgMBAAGjggKVMIICkTAdBgNVHQ4EFgQUc0pchqxq
f1MhHONy6XnhsBKiL7YwHwYDVR0jBBgwFoAU+S21ujUS5Gp82/tLNRS9b/hcjz0w
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTMxQTMwLzRCN0ExODZBQ0FG
MjExRUVBQ0RCMkUxRUM0RjlBRTAyLy1TMjF1alVTNUdwODJfdExOUlM5Yl9oY2p6
MC5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRGMjAxRDY2MTFFMjhBQzg4MzdDNzJG
RDFGRjIvLVMyMXVqVVM1R3A4Ml90TE5SUzliX2hjanowLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEz
MUEzMC80QjdBMTg2QUNBRjIxMUVFQUNEQjJFMUVDNEY5QUUwMi9DM0NDQUREMkNB
RjIxMUVFQkE1OEU4MUVDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAZ0P8jANBgkqhkiG9w0BAQsFAAOCAQEAm9Dv1zk5WyErLu7q
hyjaIdxUhS65CJ9awGu48/3tWW9FZ+/NNx8bonPi/igOdQChs/OY9Sx/vVHqlOiZ
A+3XS5vxPILMXK4uCMyCwqDGNEj3ey4TycI9hpNvRDZlgAAufM983W9LObG/mgBJ
SBOxUo/nXy30NhklpYpPYUoIrB2Byf+VrTAmhCd9XRAwIvXUJ4SEI9fd1plnCa/f
YpBH3YbLZqthyt3Ri8tztUSG7doYXnsoSGVj/B/lcuFG7uIMmDF9VB6mHadrI/3V
Ie1A+i8w1g8QLkS+RI00q1eDaeRBDKXMM3q3H2u8/PLM/ND7fNgx0nycZUJP2Oa/
IvcQvw==
-----END CERTIFICATE-----
Generated at Mon Jun 17 11:41:53 2024 by rpki-client on console-ams.rpki-client.org